Article 6Z94Y [$] Possible paths for signing BPF programs

by daroc from LWN.net on (#6Z94Y)

BPF programs are loaded directly into the kernel. Even though the verifier protects the kernel from certain kinds of misbehavior in BPF programs, some people are still justifiably concerned about adding unsigned code to their kernel. A fully correct BPF program can still be used to expose sensitive data, for example. To remedy this, Blaise Boscaccy and KP Singh have both shared patch sets that add ways to verify cryptographic signatures of BPF programs, allowing users to configure their kernels to load only pre-approved BPF programs. This work follows on from the discussion at the Linux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF) in April and Boscaccy's earlier proposal of a Linux Security Module (LSM) to accomplish the same goal. There are still some fundamental disagreements over the best approach to signing BPF programs, however.
